As technology becomes increasingly important in our lives, so does data security. However, it appears that Malaysia is lacking behind in this aspect.
According to Twitter user @xanda, a database containing 45 million customers of Malindo Air (now known as Batik Air) has been leaked online. It is said that the database was found on a platform that is associated with selling personal data this week.
The user claimed that the database contains records of Malindo Air passengers which were obtained from a data breach back in March 2019.
Malindo Air (a Malaysian airline) database dump published in clear net. The database contains email addresses, dates of birth, physical addresses, passport numbers and phone numbers; claimed to be breached in 2019 pic.twitter.com/MVKlYtDREN— Adnan (xanda) Mohd Shukor (@xanda) September 5, 2022
He also posted a screenshot of an email he received regarding the data being uploaded onto an online forum.
The leaked database is said to contain people’s phone numbers, email addresses, dates of birth, addresses, passport numbers, and identification card numbers.
In the comment section, many netizens complained about the country’s poor data protection policy and pointed out that this is why Malaysians are receiving spam calls frequently.
“Businesses in Malaysia are stingy when it comes to investing in information security. This is why when there’s a data breach, the government did not take any action against them. These businesses did not lose anything at the end,” an angry netizen said.
What happened in 2019?
In September 2019, Malindo Air said two former employees of its e-commerce contractor were responsible for its passenger data breach.
The airline later revealed that two former workers of e-commerce services provider GoQuo (M) Sdn Bhd’s development centre in India “illegally accessed and stole our customer’s personal information.”
The airline said the incident is not related to the security of its data architecture and none of the payment details of customers were compromised.
It also assured the public that the data breach has been contained and that Malaysian and Indian authorities have been alerted in 2019.